[The image above has nothing to do with this post, but it seemed to be fitting, given the latest developments. This post is all about trust]

In this age of free(mium), it’s common knowledge that you pay with your privacy. Facebook is the best (or should I say worst) example of the dance around your data, yet there are many more tools you use that have access to everything that you carry with you: all the data on your phone. Not only can they read that, they can also change it – and even “impersonate” you.

Some applications do need this very deep trust level, e.g. virus scanners and applications such as Androidlost. Others absolutely do not, like Skype, Google Plus, LinkedIn and Facebook. Interested to see what they can do to the contents of your phone? You’ll be in for a surprise, or should I say, shock.

Your entire browsing history is available, and they can change it too. Understandable if there’s a bogus link to a malicious website. Read contact data? Write, even? All that seems trivial when compared to what the sensitive log data gives away:

Allows an application to read the low-level system log files. Log entries can contain the user’s private information, which is why this permission is not available to normal apps

The last four are at the bottom of the list, and available via “Show All”. Here’s what BitDefender says their app can do, and suffice it to say that they leave out a few. The most burning questions get answered; your account access is necessary for signing in to BitDefender via e.g. your Google Account (so much for OAuth, I guess). Reason for write access to contacts? Absent. Location access? “necessary to get the best possible location” – I bet ya!
The SMS stuff is needed for SMS-controlled management of BitDefender, they say, along with making phone calls.

Let’s face it: to be protected at all levels, you need read access to all levels. In order to be able to remove malicious software at all levels, you need write access to all levels. Still leaves a few questions unanswered, but hey

Let’s check out what Skype can do, shall we? Whatever is extra (yes, you read that right) to what BitDefender can do, is in bold. Whatever is duplicate, is italic. Whatever is not used, is in regular font
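The bold / italic / regular exercise above is a set comparison of one app's requested permissions against a baseline app's. The following is an added example, not part of the original post: the package names and permission lists are constructed for illustration (they are not the real lists of any app named here), and the manifests are assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the post singles out, with the concern raised for each.
SENSITIVE = {
    "android.permission.READ_LOGS": "reads low-level system log files",
    "android.permission.AUTHENTICATE_ACCOUNTS": "creates accounts, gets and sets passwords",
    "android.permission.WRITE_CONTACTS": "can change contact data",
    "android.permission.GET_TASKS": "retrieves running applications",
}

def requested_permissions(manifest_xml):
    """Return the set of <uses-permission> names declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def compare(baseline, candidate):
    """Classify the candidate app's permissions against the baseline app's."""
    return {
        "extra": sorted(candidate - baseline),      # bold in the post
        "duplicate": sorted(candidate & baseline),  # italic
        "unused": sorted(baseline - candidate),     # regular font
        "sensitive": {p: SENSITIVE[p] for p in sorted(candidate) if p in SENSITIVE},
    }

def build_manifest(package, names):
    """Build a minimal text manifest (constructed sample input only)."""
    uses = "".join(f'<uses-permission android:name="{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

P = "android.permission."
# Constructed sample data: a hypothetical scanner as baseline, a hypothetical messenger.
BASELINE_XML = build_manifest("com.example.scanner", [
    P + "INTERNET", P + "READ_LOGS", P + "READ_CONTACTS",
    P + "WRITE_CONTACTS", P + "SEND_SMS"])
CANDIDATE_XML = build_manifest("com.example.messenger", [
    P + "INTERNET", P + "READ_CONTACTS", P + "WRITE_CONTACTS",
    P + "GET_TASKS", P + "AUTHENTICATE_ACCOUNTS"])

def report():
    return compare(requested_permissions(BASELINE_XML),
                   requested_permissions(CANDIDATE_XML))

if __name__ == "__main__":
    for section, items in report().items():
        print(section, items)
```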

But Skype has almost the same deeply trusted access to my phone? Why? Why on earth? To use the Internet in order to connect to someone else? That’s ridiculous.

Even worse, it can retrieve all running applications, read my synchronisation settings, and even impersonate me! Here is what that last fine setting really can do:

Allows an application to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords

What?! Skype has access to my password?! And can even change it?!!!
Yes, Skype has access to my password, and can even change it. It can also create accounts on my phone. Do you use Skype? Happy with it? Still happy?

How about Google Plus then? We’ll run the same exercise as before: bold, italic and regular. This time, I’ve added the full permissions that Skype has as a baseline.

Needless to say, the permissions are similar, yet go even deeper. Google Plus apparently doesn’t feel the need to retrieve my running applications, nor to read my synchronisation statistics, but lo and behold, even Google Plus doesn’t need to act as an account authenticator. But I guess that the access to Google service configuration, along with reading and writing to my profile, make up for that. Hard to tell, really, from the tech documentation they provide.

Who’s in charge here? I most certainly am not. All my personal data is up for grabs, all my friends, all private messages, everything – p0wned by Google. Download files without notification? Who cares about that when you’ve granted access like the above…

Are you up for the last one? LinkedIn – let’s see what they require, or at least, acquire. Again, Skype is the baseline

Well that’s all folks! Glad to see that it is default for these three applications to not only read, but also write to your contacts. And access your profile data in some intrusive manner, one way or the other. And identify you by real name and number, by accessing your phone identity. Oh, and manage your synchronisation settings for you, that really is required for all these apps, isn’t it?

Facebook? Same as the others. In fact, not nearly as bad as I thought it would be – but just as bad as the others

Listen up. You might be upset by what goes on in this world. You might be protesting new government laws, so-called anti-terror ones, or you might be standing on the barricades for who knows what request for information on your private life that you just don’t deem necessary.

But do you give applications like these even more than a mere glance?

Don’t you just install them, without reading what they do?

Or do you read what they want, but don’t read the fine print?

I’m sure you’ll do much more than that, after this post. Let me make a prediction: mobiles and phones are becoming, and have already become, so darn cheap, that people will carry two of each in the very near future: within the next 2-3 years. Not all people, but those who can afford an extra $100 for a burner phone or burner tablet, will get one. Burner meaning that it contains nothing private.

Then, still, the question remains which apps to use. Well, I predict that the app usage will quickly diminish, actually. Why download an app for an application that you only use online anyway? Why download an app to actually use an application that you only use via a browser when you’re sitting behind your laptop?

The answer is simple: you might (and highly likely do) not need to, but it’s given to you for free. How’s that hey? Marvellous… isn’t it?

Founder of We Wire People, Martijn has 15 years of experience in the field of Integration, as an Architect working in and for Enterprises. He mainly advises in case of mergers, application rationalization and Cloud / Social Media back-office integration.
Martijn blogs at martijnlinssen.com